Method and apparatus for processing account information in block chain, storage medium, and electronic apparatus

ABSTRACT

A method for processing account information in a block chain is provided. A computer device receives identity information and a transfer request, the transfer request requesting to transfer a resource in an account to a target account, the target account being generated by a certificate center. The computer device obtains owner information of the account from the certificate center according to the transfer request. The computer device compares the identity information and the owner information. The computer device transmits an authentication request to the block chain in response to determining that the identity information and the owner information are consistent, the authentication request requesting the block chain to transfer the resource in the account to the target account.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of U.S. application Ser. No.16/371,480, filed Apr. 1, 2019, which is a bypass continuation ofInternational Application No. PCT/CN2018/077412, filed on Feb. 27, 2018,in the Chinese Patent Office, which claims priority to Chinese PatentApplication No. 201710120699.9, entitled “METHOD AND APPARATUS FORPROCESSING ACCOUNT INFORMATION IN BLOCK CHAIN, STORAGE MEDIUM, ANDELECTRONIC APPARATUS”, filed on Feb. 28, 2017, in the Chinese PatentOffice, the disclosures of which are incorporated in their entireties byreference.

BACKGROUND 1. Field

Exemplary embodiments relate to the field of block chains, andspecifically, to a method and an apparatus for processing accountinformation in a block chain, a storage medium, and an electronicapparatus.

2. Description of the Related Art

An account in a block chain usually consists of a public key and aprivate key (asymmetric keys). An address of an account is usuallyobtained by hashing the public key, and the private key is used forproving and authorizing transactions of resources in the account. A userproves an identity of the user and trades the resources in the account,by using the private key of the account. Once the private key is lost,the resources in the account cannot be transferred or traded.

To avoid that the resources in the account cannot be transferred ortraded when the private key is lost, the following two solutions areusually used in the related art technology:

Solution 1: An intermediary is used as a trustee of a private key of theuser.

Solution 2: An account right is entrusted to a third party, and when theprivate key of the account is lost, the third party trades or transfersthe resources on behalf of the user. For example, trusteeship isestablished by using a smart contract technology or a similartechnology.

However, in the foregoing solutions, trusteeship must be establishedbefore the private key is lost. If the user does not establishtrusteeship before the account is lost, the above solutions are invalid.In addition, when the private key or the right is entrusted to the thirdparty, security of the resources cannot be completely guaranteed. If theresources are lost, it may not be proven that the loss of the resourcesis caused by the user or a trustee, and consequently, the account isinsecure.

For the foregoing problems, currently, no effective solution isproposed.

SUMMARY

One or more exemplary embodiments provide a method and an apparatus forprocessing account information in a block chain, a storage medium, andan electronic apparatus, to solve a technical problem of accountinsecurity caused by loss of a private key of an account in a blockchain.

According to an aspect of an exemplary embodiment, provided is a methodfor processing account information in a block chain. A computer devicereceives identity information and a transfer request, the transferrequest requesting to transfer a resource in an account to a targetaccount, the target account being generated by a certificate center. Thecomputer device obtains owner information of the account from thecertificate center according to the transfer request. The computerdevice compares the identity information and the owner information. Thecomputer device transmits an authentication request to the block chainin response to determining that the identity information and the ownerinformation are consistent, the authentication request requesting theblock chain to transfer the resource in the account to the targetaccount.

According to an aspect of another exemplary embodiment, provided is anapparatus for processing account information in a block chain, theapparatus including: at least one memory operable to store program code;and at least one processor operable to read the program code and operateas instructed by the program code, the program code including: firstreceiving code configured to cause the at least one processor to receiveidentity information and a transfer request requesting to transfer aresource in an account to a target account, the target account beinggenerated by a certificate center; obtaining code configured to causethe at least one processor to obtain owner information of the accountfrom the certificate center according to the transfer request; firstcomparison code configured to cause the at least one processor tocompare the identity information and the owner information; and firsttransmission code configured to cause the at least one processor totransmit an authentication request to the block chain in response todetermining that the identity information and the owner information areconsistent, the authentication request requesting the block chain totransfer the resource in the account to the target account.

According to an aspect of still another exemplary embodiment, providedis a non-transitory computer readable storage medium, storing a computerprogram executable by at least one processor to cause the at least oneprocessor to perform: receiving identity information and a transferrequest, the transfer request requesting to transfer a resource in anaccount to a target account, the target account being generated by acertificate center; obtaining owner information of the account from thecertificate center according to the transfer request; comparing theidentity information and the owner information; and transmitting anauthentication request to a block chain in response to determining thatthe identity information and the owner information are consistent, theauthentication request requesting the block chain to transfer theresource in the account to the target account.

In the embodiments of this application, the transfer request and theidentity information that are sent by the user are received, thetransfer request being used for requesting to transfer the resource inthe lost account to the target account, and the target account beinggenerated by the certificate center; the owner information of the lostaccount is obtained from the certificate center according to thetransfer request; the identity information and the owner information arecompared; the authentication request is submitted to the block chainwhen it is determined through comparison that the identity informationand the owner information are consistent, so that the block chainrecords the transfer event in the block chain according to theauthentication request, the transfer event being used for instructing totransfer the resource in the lost account to the target account. Theidentity information provided by the user and the owner information ofthe lost account are compared to determine whether the identityinformation provided by the user and the owner information of the lostaccount are consistent, and when it is determined through comparisonthat the identity information provided by the user and the ownerinformation of the lost account are consistent, the authenticationrequest is submitted to the block chain, to transfer the resource in thelost account to the target account in the block chain, to achieve thetechnical effect that a signature of a private key of the lost accountdoes not need to be verified when the resource in the lost account istransferred to the target account, thereby solving a technical problemof account insecurity caused by loss of the private key of the accountin the block chain.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings described herein are used for providingfurther understanding of exemplary embodiments and constitute a part ofthe disclosure. Exemplary embodiments and descriptions thereof are usedfor explaining the disclosure and do not constitute an improperlimitation to the disclosure.

FIG. 1 is a schematic diagram of a block chain according to the relatedart technology.

FIG. 2 is a schematic diagram of a hardware environment of a method forprocessing account information in a block chain according to anembodiment.

FIG. 3 is a flowchart of an optional method for processing accountinformation in a block chain according to an embodiment.

FIG. 4 is a schematic diagram of a filed list of first data according toan embodiment.

FIG. 5 is a flowchart of an optional method for processing accountinformation in a block chain according to an embodiment.

FIG. 6 is a schematic diagram of an optional apparatus for processingaccount information in a block chain according to an embodiment.

FIG. 7 is a structural block diagram of a terminal according to anembodiment.

DETAILED DESCRIPTION

To help a person skilled in the art better understand solutionsaccording to the disclosure, the following clearly and completelydescribes the technical solutions in the embodiments with reference tothe accompanying drawings. Apparently, the described embodiments aremerely some rather than all of the embodiments. All other embodimentsthat can be obtained by persons skilled in the art based on theexemplary embodiments described herein without creative efforts shallfall within the protection scope of the disclosure.

It should be noted that in the specification, claims, and accompanyingdrawings, the terms “first”, “second”, and so on are intended todistinguish between similar objects rather than indicating a specificorder. It should be understood that data used in this way can beinterchanged in an appropriate case, so that the embodiments that aredescribed herein can be implemented in a sequence other than thosesequences illustrated or described herein. Moreover, the terms“include”, “contain” and any other variants mean to cover thenon-exclusive inclusion. For example, a process, method, system,product, or device that includes a series of operations or units is notnecessarily limited to those operations or units that are expresslylisted, but may include other operations or units not expressly listedor inherent to such a process, method, product, or device.

The meaning of the terms described herein is explained below.

Block chain: As shown in FIG. 1, a block chain organizes data in a unitof a block. All transaction records in the whole network may be storedin the block chain in a form of transaction orders. A first block in theblock chain is an initial block, also referred to as a genesis block.One transaction formed each time is recorded in one block, andinformation recorded in the block is transparent to the whole network. Aplurality of blocks is connected together in a sequence to form theblock chain.

Account: An account in a block chain usually consists of a public keyand a private key (asymmetric keys). An address of the account isusually obtained by hashing the public key, and the private key is usedfor proving and authorizing transactions of an asset in the account.Once the private key is lost, a conventional transaction usually cannotbe performed. An account concept in this text is similar to a Bitcoinaddress concept of Bitcoin. A lost account and a target account in thistext are both accounts in the block chain.

Certificate center: A certificate center is used for creating a blockchain account, and records a public key and an address of the accountand identity information of an owner of the account.

Private key loss: In this text, “private key loss” and “account loss”may be understood as synonyms. “An old account” is a lost account.

Special transaction: When a user loses a private key, a transaction inwhich an asset in a lost account is transferred to a new account througha super account is referred to as a special transaction.

First account: A first account is a super account in a block chain. Thesuper account may be an account that is accepted in a block chainnetwork and that cannot be forged. The first account may be used for aspecial transaction, or may be used for other purposes, for example,used for creating assets in a block chain. A public key of the firstaccount is recorded in a certificate center and an initial block of theblock chain.

Gateway: A gateway is an asset gateway. The asset gateway is a user withspecial rights in a block chain, and a super account is an account ofthe asset gateway. The asset gateway can send an asset issuing request,an asset retrieving request, and the like to a block chain service inthe block chain. The gateway may be another system, for example, may bean electronic counter system, responsible for processing user andservice requests and then sending these requests to a block chainthrough a block chain interface (through a super account). The gatewayrepresents an asset gateway mechanism, is an owner of a first account (asuper account), and is usually an authority in a block chain network. Inthis text, the gateway is responsible for handling a request for a userto retrieve a resource. The gateway may be disposed in a terminal or aserver, and the terminal or the server implements functions of thegateway.

According to an embodiment, a method for processing account informationin a block chain is provided.

Optionally, in this embodiment, the method for processing accountinformation in a block chain may be applied to a hardware environmentthat is composed of a server 202 and a terminal 204 and that is shown inFIG. 2. As shown in FIG. 2, the server 202 is connected to the terminal204 through a network. The network includes but is not limited to: awide area network, a metropolitan area network, or a local area network,and the terminal 204 is not limited to a PC, a mobile phone, a tabletcomputer, or the like. The method for processing account information ina block chain in this embodiment may be performed by the server 202, ormay be performed by the terminal 204, or may be performed by the server202 and the terminal 204 together. The terminal 204 performs the methodfor processing account information in a block chain in this embodiment,and alternatively, the method may be performed by a client installed onthe terminal 204.

The hardware environment that is composed of the server 202 and theterminal 204 and that is shown in FIG. 2 is mainly used for performingthe method for processing account information in a block chain in thisembodiment. The block chain in the method for processing accountinformation in a block chain may be disposed in a server different fromthat in the hardware environment shown in FIG. 2. That is, the hardwareenvironment composed of the server 202 and the terminal 204 in thisembodiment is used for implementing an environment of a gateway, and thehardware environment and the block chain may be two different systems.Optionally, the server 202 shown in FIG. 2 may be a server cluster. Someservers in the server cluster may be used for implementing functions ofthe gateway, and some other servers may implement functions of the blockchain. Alternatively, functions of both the gateway and the block chainmay be implemented on one server.

It should be noted that a device in the block chain in this embodimentmay be construed as a computer device, such as a terminal or a server.The device in the block chain may be used as a node of the block chain,nodes of a plurality of block chains form the block chain, and at leastone device corresponding to the plurality of nodes implements thefunctions of the block chain. Method operations or processes performedby the block chain are performed by the nodes in the block chain.

FIG. 3 is a flowchart of an optional method for processing accountinformation in a block chain according to an embodiment. The processingmethod is performed by a computer device. The computer device includes aterminal and a server. The computer device can implement functions of agateway, and the gateway is configured to perform the method forprocessing account information in a block chain. As shown in FIG. 3, themethod may include the following operations.

Operation S302: A computer device receives a transfer request andidentity information that are sent by a user, the transfer request beingused for requesting to transfer a resource in a lost account to a targetaccount, and the target account being generated by a certificate center.

Operation S304: The computer device obtains owner information of thelost account from the certificate center according to the transferrequest.

Operation S306: The computer device compares the identity informationand the owner information.

Operation S308: The computer device submits an authentication request toa block chain requesting the block chain to transfer the resource in thelost account to the target account when determining through comparisonthat the identity information and the owner information are consistent(e.g., the identity information and the owner information are the same).Accordingly, the block chain records a transfer event in the block chainaccording to the authentication request, the transfer event being usedfor instructing to transfer the resource in the lost account to thetarget account.

According to operation S302 to operation S308, the identity informationprovided by the user and the owner information of the lost account arecompared to determine whether the identity information provided by theuser and the owner information of the lost account are consistent, andwhen it is determined through comparison that the identity informationprovided by the user and the owner information of the lost account areconsistent, the authentication request is submitted to the block chain,to transfer the resource in the lost account to the target account inthe block chain, thereby solving a technical problem of accountinsecurity caused by loss of the private key of the account in the blockchain, so that a signature of a private key of the lost account does notneed to be verified when the resource in the lost account is transferredto the target account, to achieve the technical effect of improvingaccount security.

In the technical solution provided in operation S302, when the privatekey in a block chain account is lost, the user may send the identityinformation and the transfer request to the gateway, to transfer theresource in the lost account to the target account. Specifically, whenthe private key of the account is lost, the user first generates a newaccount through the certificate center and uses the newly generatedaccount as the target account. Optionally, the certificate center isused for creating an account and public keys and addresses of allaccounts and information about owners of the accounts are recorded inthe certificate center. The user sends a transfer request to the gatewayaccording to a lost account and the target account. The transfer requestis used for requesting the gateway to transfer a resource in the lostaccount to the target account. In addition, the user further needs toprovide the identity information to the gateway, to prove, through theidentity information, that the user is an owner of the lost account. Thegateway may be but not be limited to a server or an electronic platformor a counter service set by an authority in a block chain network. Thegateway is configured to represent the authority to receive the transferrequest and the identity information that are submitted by the user.Depending on specific stipulations, the identity information submittedby the user may be paper materials of an identity document of the useror scanning copies of the paper materials or may be files that can provea user identity and a will of the user and that are in other formats,such as a human face image and pupil scanning information.

In the technical solution provided in operation S304, the gateway has aright of obtaining account information recorded in the certificatecenter from the certificate center. To verify the identity informationsubmitted by the user, the gateway obtains information about the ownerof the lost account from the certificate center according to thetransfer request submitted by the user, and the information about theowner of the lost account is identity information of the owner of thelost account. For example, the certificate center records an identitycard number of the owner of the lost account or a scanning copy of anidentity card copy, and then the user needs to provide correspondingmaterials that prove identity, such as the identity card copy.Alternatively, the certificate center records voiceprint information ofthe owner of the lost account, and then the user needs to providecorresponding voiceprint materials.

In the technical solution provided in operation S306, the gatewaycompares the identity information submitted by the user with theinformation about the owner of the lost account that is obtained fromthe certificate center, to determine whether the identity informationsubmitted by the user and the owner information of the lost account areconsistent, to verify whether the user is the owner of the lost account.

In the technical solution provided in operation S308, if it isdetermined through verification that the identity information submittedby the user and the information about the owner of the lost account areinconsistent, verification of the identity information of the userfails, that is, the user is determined as not being the owner of thelost account, the transfer request submitted by the user to the gatewayis illegal, and the gateway makes no response to the transfer request.If the identity information submitted by the user and the ownerinformation of the lost account are consistent, verification on theidentity information of the user succeeds, that is, the user isdetermined as the owner of the lost account, and the gateway makes aresponse to the transfer request submitted by the user. Specifically,the gateway submits the authentication request to the block chainaccording to the transfer request submitted by the user, so that theblock chain records a transfer event, to instruct to transfer theresource in the lost account to the target account. For example, a blockis newly added to the block chain, and is used for recording thetransfer event, to complete transferring the resource in the lostaccount to the target account.

The method for processing account information in a block chain providedin this embodiment may be applied to digital payment scenarios invarious block chain modes, for example, account transactions of banks,portfolios, gold exchange in block chain modes or may be applied totransaction scenarios of virtual resources in block chain modes, forexample, transactions of virtual resources of game accounts in onlinegames.

Optionally, the submitting, by the gateway, an authentication request toa block chain includes: signing initial data by using a private key of afirst account, to obtain first data, the initial data includinginformation about the lost account, information about the targetaccount, the identity information, the transfer request, and a resourcelist, and the resource list being a list of all resources to betransferred in the lost account; generating the authentication requestaccording to the first data; and submitting the authentication requestcarrying the initial data to the block chain.

In an optional embodiment, when submitting the authentication request tothe block chain, the gateway first obtains the initial data according tothe received transfer request and then signs the initial data to obtainfirst data. As shown in FIG. 4, optionally, the authentication requestincludes the initial data and a signature provided by the gateway forthe initial data. The initial data includes the information about thelost account, information about the target account, the identityinformation and the transfer request that are submitted by the user, anda list of all resources that need to be transferred from the lostaccount to the target account. The gateway generates the authenticationrequest according to the first data and the initial data and submits theauthentication request to the block chain.

The first account exists in the block chain. Optionally, the firstaccount may be a super account in the block chain. The first account maybe an account that is unique and that cannot be forged in the blockchain, and the gateway is an owner of the first account and has aprivate key of the first account. The gateway may sign the initial databy using the private key of the first account to obtain the first data.The authentication request submitted by the gateway to the block chainis generated according to the first data, and the first data is obtainedby signing the initial data by using the private key of the firstaccount. The gateway serves as the owner of the first account and ownsthe private key of the first account and needs to take responsibilityfor authenticity of the authentication request, namely, information inthe initial data. Therefore, the block chain only needs to verifywhether it is legal for the gateway to sign the initial data by usingthe private key, and when it is legal, confirms that authenticationsucceeds and records the transfer event.

Optionally, the signing, by the computer device, initial data by using aprivate key of a first account, to obtain first data includes:encrypting, by the computer device, the identity information and thetransfer request by using a public key of the first account, to obtainsecond data; and signing, by the computer device, the information aboutthe lost account, the information about the target account, the resourcelist, and the second data by using the private key of the first account,to obtain the first data.

In an optional embodiment, to protect privacy of the user and preventpersonal data of the user from being leaked, the identity informationand the transfer request that are submitted by the user may beencrypted. Specifically, when signing the initial data by using theprivate key of the first account to obtain the first data, the gatewayfirst obtains the public key of the first account from the certificatecenter; encrypts, by using the public key of the first account, theidentity information and the transfer request that are submitted by theuser, to obtain the second data; and then signs the information aboutthe lost account, the information about the target information, theresource list, and the second data by using the private key of the firstaccount, to obtain the first data. After the gateway generates theauthentication request according to the first data and submits theauthentication request to the block chain, because the identityinformation and the transfer request that are submitted by the user areencrypted by the public key of the first account, another person canobtain only the encrypted identity information and transfer request ofthe user from the block chain but cannot obtain original texts of theidentity information and the transfer request of the user.

In addition to the foregoing embodiments, the disclosure furtherprovides an optional embodiment. In the optional embodiment, thesigning, by the computer device, initial data by using a private key ofa first account, to obtain first data includes: signing, by the computerdevice, the identity information and the transfer request by using theprivate key of the first account, to obtain third data; and signing, bythe computer device, the information about the lost account, theinformation about the target account, the resource list, and the thirddata by using the private key of the first account, to obtain the firstdata.

When signing the initial data by using the private key of the firstaccount to obtain the first data, the gateway first signs, by using theprivate key of the first account, the identity information and thetransfer request that are submitted by the user, to obtain the thirddata, and then signs the information about the lost account, theinformation about the target account, the resource list, and the thirddata by using the private key of the first account, to obtain the firstdata. A process in which the gateway signs, by using the private key ofthe first account, the identity information and the transfer requestthat are submitted by the user includes first hashing the identityinformation and the transfer request that are submitted by the user andthen encrypting the identity information and the transfer request, toobtain the third data, and a process of the hashing is irreversible.Therefore, after the gateway generates the authentication requestaccording to the first data and submits the authentication request tothe block chain, even if another person can decrypt the identityinformation and the transfer request, the hashed identity informationand transfer request are obtained, and original texts of the identityinformation and the transfer request of the user cannot be obtained, toprevent privacy of the user from being leaked.

Optionally, the submitting an authentication request to a block chainwhen determining through comparison that the identity information andthe owner information are consistent, so that the block chain records atransfer event in the block chain according to the authenticationrequest includes: obtaining, by a device of the block chain, the firstdata according to the authentication request; verifying, by the deviceof the block chain, the first data; and recording, by the device of theblock chain, the transfer event according to the initial data after theverification succeeds.

In an optional embodiment, in a process in which the gateway submits theauthentication request to the block chain, so that the block chainrecords the transfer event according to the authentication request, theblock chain obtains the first data from the authentication requestsubmitted by the gateway and verifies the first data. After verificationsucceeds, the block chain trusts the initial data carried in theauthentication request and records the transfer event according to theinitial data in the authentication request.

When verifying the first data, the block chain only needs to obtain thepublic key of the first account from the certificate center and verifythe first data by using the public key of the first account. Ifverification succeeds, the block chain trusts the authenticationrequest, obtains the initial data carried in the authentication request,and records the transfer event according to the initial data. As shownin FIG. 4, in a process in which the block chain authenticates the firstdata, the block chain merely verifies a signature in a fifth column inFIG. 4 and does not need to verify initial data in the first fourcolumns. The signature in the fifth column is a signature provided bythe gateway for the initial data in the first four columns by using theprivate key of the first account. When verification performed by a blockon the signature in the fifth column succeeds, the initial data in thefirst four columns is selected to be trusted. Authenticity of theinitial data in the first four columns is verified by the gateway, thatis, the gateway takes responsibility for verifying the initial data.

In the foregoing verification process, because checking of the identityinformation and the transfer request is completed by the gateway, andthe block chain trusts a checking result of the gateway, the block chainonly needs to verify whether a signature provided by the gateway for theinitial data is authentic and does not need to verify the identityinformation and the transfer request of the user. Provided that theblock chain determines through verification that the signature providedby the gateway for the initial data is authentic, the receivedauthentication request is accepted, and the transfer event is recorded,to transfer the resource in the lost account to the target account.

Optionally, the verifying, by the device of the block chain, the firstdata includes: obtaining, by a plurality of devices of the block chain,the public key of the first account from the certificate center or aninitial block of the block chain; and verifying, by the plurality ofdevices of the block chain, the first data by using the public key ofthe first account.

In an optional embodiment, the block chain may include a plurality ofdevices. It should be noted that the block chain in this embodimentincludes a plurality of block nodes, and the plurality of devicesincluded in the block chain corresponds to a plurality of block nodes,namely, one block node may correspond to one device. In a process inwhich the block chain verifies the first data, each device in aplurality of blocks in the block chain obtains the public key of thefirst account from the certificate center or the initial block of theblock chain and verifies the first data by using the public key of thefirst account. If verification on most of the plurality of devicessucceeds, verification performed by the block chain on the first datasucceeds, and the block selects to trust the initial data of the firstdata. In a process in which each device verifies the first data, thedevice only needs to verify whether the signature provided by thegateway for the initial data is authentic and does not need to verifythe identity information and the transfer request that are submitted bythe user in the initial data. The gateway takes responsibility forverifying authenticity of the identity information and the transferrequest that are submitted by the user.

Optionally, after the submitting an authentication request to a blockchain, so that the block chain records a transfer event in the blockchain according to the authentication request, the method for processingaccount information in a block chain may further include: setting, by adevice of the block chain, a freezing period for the target account, theresource in the target account not being allowed to be transferredwithin the freezing period.

In an optional embodiment, to avoid loss to the lost account caused byincorrectly transferring the resource in the lost account to the targetaccount, after recording the transfer event according to theauthentication request submitted by the gateway, the block chain sets afreezing period for the target account, and within the freezing period,the resource in the target account cannot be transferred. If within thefreezing period set by the block chain for the target account, the ownerof the lost account raises an objection, for example, the owner of thelost account actually does not initiate the transfer request, or anerror occurs in a process of transferring the resource in the lostaccount, or the owner of the lost account believes that the gateway oranother person commits a fraud, the block chain may return the resourcetransferred by the lost account to the target account to the lostaccount, to protect equity of the owner of the lost account.Specifically, a process of returning the resource in the target accountto the lost account is the same as a process of transferring theresource in the lost account to the target account. The owner of thelost account provides the identity information and a resource returningrequest to the gateway. The gateway verifies the identity informationand the resource returning request, and submits the authenticationrequest to the block chain according to the identity information of theuser and the resource returning request after the verification succeeds.The block chain records the transfer event according to theauthentication request, to return the resource in the target account tothe lost account.

Optionally, after the submitting, by the computer device, anauthentication request to a block chain, so that the block chain recordsa transfer event in the block chain according to the authenticationrequest, the method for processing account information in a block chainmay further include: extracting, by the computer device, the initialdata from the block chain, the initial data including the second dataobtained by the gateway by encrypting the identity information and thetransfer request by using the public key of the first account;decrypting, by the computer device, the second data by using the privatekey of the first account, to obtain first decrypted data; comparing, bythe computer device, the first decrypted data and data locally stored bythe gateway to determine whether the first decrypted data and the datalocally stored by the gateway are consistent; and if determining throughcomparison that the first decrypted data and the locally stored data areinconsistent, determining, by the computer device, that the locallystored data has been tampered.

In an optional embodiment, to prevent the initial data sent by the userto the gateway from being tampered in a process of being submitted tothe block chain, the initial data recorded on the block chain may alsobe verified. For example, after the resource in the lost account istransferred to the target account, when the owner of the lost accountproposes that the gateway or another person commits a fraud and demandsreturning the transferred resource, or the freezing period of the targetaccount already ends, the resource transferred to the target account isalready transferred again so as not to be returned to the lost account,and the owner of the lost account needs to be compensated throughjudicatory means, the gateway needs to provide the locally storedidentity information and transfer request as evidence and may certifythrough verification that the identity information and the transferrequest that are provided by the gateway are the identity informationand the transfer request that are submitted by the gateway to the blockchain and that are not tampered. Specifically, if the identityinformation and transfer data that are included in the authenticationrequest submitted by the gateway to the block chain are encrypted byusing the public key of the first account, the gateway extracts theinitial data from the block chain. The initial data includes the seconddata obtained by encrypting, by the gateway by using the public key ofthe first account, the identity information and the transfer requestthat are submitted by the user. The gateway decrypts the second data byusing the private key of the first account to obtain original texts ofthe identity information and the transfer request that are submitted bythe user, that is, the first decrypted data. The gateway compares thefirst decrypted data and the data locally stored by the gateway. If thefirst decrypted data and the data locally stored by the gateway areconsistent, the data locally stored by the gateway is not tampered. Ifthe first decrypted data and the data locally stored by the gateway areinconsistent, the data locally stored by the gateway has been tampered.

Optionally, after the submitting, by the computer device, anauthentication request to a block chain, so that the block chain recordsa transfer event in the block chain according to the authenticationrequest, the method for processing account information in a block chainmay further include: extracting, by the computer device, the initialdata from the block chain, the initial data including the third dataobtained by signing the identity information and the transfer request byusing the private key of the first account; decrypting, by the computerdevice, the third data by using the public key of the first account, toobtain second decrypted data; hashing, by the computer device, locallystored data, to obtain hashed data; comparing, by the computer device,the second decrypted data and the hashed data to determine whether thesecond decrypted data and the hashed data are consistent; anddetermining, by the computer device, that the locally stored data hasbeen tampered if determining through comparison that the seconddecrypted data and the hashed data are inconsistent.

In an optional embodiment, when it is verified whether the identityinformation and the transfer request that are submitted by the gatewayare consistent with the identity information and the transfer requestthat are submitted by the gateway to the block chain, if the identityinformation and the transfer request that are included in theauthentication request submitted by the gateway to the block chain aresigned by using the private key of the first account, the gatewayextracts the initial data from the block chain. The initial dataincludes the third data obtained by signing, by the gateway by using theprivate key of the first account, the identity information and thetransfer request that are submitted by the user. The gateway encryptsthe third data by using the public key of the first account to obtainthe second decrypted data. The data is obtained after hashing theidentity information and the transfer request. The gateway hashes thelocally stored identity information and transfer request, to obtainhashed data and compares the second decrypted data and the hashed data.If the second decrypted data and the hashed data are consistent, thedata locally stored by the gateway is consistent with the data recordedon the block chain, and the data locally stored by the gateway is nottampered. If the second decrypted data and the hashed data areinconsistent, the data locally stored by the gateway is inconsistentwith the data recorded on the block chain, and the data locally storedby the gateway has been tampered.

Optionally, after the submitting an authentication request to a blockchain, so that the block chain records a transfer event in the blockchain according to the authentication request, the method for processingaccount information in a block chain may further include: extracting, bythe computer device, the initial data from the block chain according toa check instruction sent by the user, the initial data including thesecond data obtained by encrypting the identity information and thetransfer request by using the public key of the first account, and thecheck instruction being used for instructing to check the second data;encrypting, by the computer device by using the public key of the firstaccount, the transfer request and the identity information that are sentby the user, to obtain fourth data; and comparing, by the computerdevice, the second data and the fourth data to determine whether thesecond data and the fourth data are consistent; determining, if thecomparison result is ‘yes’ (that is, the second data and the fourth dataare consistent), that the transfer request and the identity informationthat are sent by the user have not been tampered, and determining, ifthe comparison result is ‘no’ (that is, the second data and the fourthdata are not consistent), that the transfer request and the identityinformation that are sent by the user have been tampered.

Optionally, after the submitting an authentication request to a blockchain, so that the block chain records a transfer event in the blockchain according to the authentication request, the method for processingaccount information in a block chain may further include: extracting, bythe computer device, the initial data from the block chain according toa check instruction sent by the user, the initial data including thethird data obtained by signing the identity information and the transferrequest by using the private key of the first account, and the checkinstruction being used for instructing to check the third data; hashing,by the computer device, the transfer request and the identityinformation that are sent by the user, to obtain fifth data; decrypting,by the computer device, the third data by using the public key of thefirst account, to obtain third decrypted data; and comparing, by thecomputer device, the fifth data and the third decrypted data todetermine whether the fifth data and the third decrypted data areconsistent; determining, if the comparison result is yes, that thetransfer request and the identity information that are sent by the userhave not been tampered, and determining, if the comparison result is no,that the transfer request and the identity information that are sent bythe user have been tampered.

In an optional embodiment, the user may check, through a client, theidentity information and the transfer request that are recorded on theblock chain, to ensure that initial information recorded on the blockchain is authentic and is not tampered. Optionally, the computer devicefor checking may be a check client issued by the gateway, and the clientmay imitate the gateway to encrypt or sign the identity information ofthe user and the transfer request of the user and obtain the encryptedor signed data. Specifically, after the block chain already records thetransfer event according to the authentication request submitted by thegateway, the user sends the check instruction to the client. The checkinstruction includes original texts of the identity information and thetransfer request that are submitted by the user to the gateway. Afterreceiving the check instruction of the user, the client obtains theidentity information and the transfer request of the user according tothe check instruction, then extracts the identity information and thetransfer request of the user that are recorded on the block chain, andcertifies through verification whether the identity information and thetransfer request of the user are consistent with the identityinformation and the transfer request of the user that are recorded onthe block chain. Specifically, if the identity information and thetransfer data that are included in the authentication request submittedby the gateway to the block chain are encrypted, that is, the seconddata obtained by encrypting the identity information and the transferdata by using the public key of the first account, the client encryptsthe identity information and the transfer request of the user by usingthe public key of the first account, to obtain the fourth data, and thencompares the fourth data and the identity information and the transferrequest of the user that are recorded on the block chain, to obtain acomparison result indicating whether the fourth data and the identityinformation and the transfer request of the user are consistent. If thecomparison result is yes, it indicates that the initial data recorded onthe block chain is initial data actually submitted by the user to thegateway. If the comparison result is no, it indicates that the initialdata recorded on the block chain and the initial data actually submittedby the user to the gateway are inconsistent, and the user needs toappeal to the gateway. If the identity information and the transfer datathat are included in the authentication request submitted by the gatewayto the block chain are signed, that is, the third data obtained bysigning the identity information and the transfer data by using theprivate key of the first account, the client decrypts the third data byusing the public key of the first account to obtain the third decrypteddata, and hashes the identity information and the transfer request ofthe user to obtain the fifth data, and then compares the fifth data andthe third decrypted data, to obtain a comparison result indicatingwhether the fifth data and the third decrypted data are consistent. Ifthe comparison result is yes, it indicates that the initial datarecorded on the block chain is the initial data actually submitted bythe user to the gateway. If the comparison result is no, it indicatesthat the initial data recorded on the block chain and the initial dataactually submitted by the user to the gateway are inconsistent, and theuser may appeal to the gateway.

Optionally, cases in which the user needs to appeal to the gateway orsue the gateway to require the gateway to provide evidence may include,for example but not limited to, the following several cases: in a firstcase, the transfer request received by the gateway is an incorrect orfalse request initiated by another user; the gateway causes bynegligence in a verification progress such that the block chain recordsthe transfer event according to the incorrect or false request. When thetransfer event according to the incorrect or false request is discoveredby the user, the target account is still in the freezing period; afterthe gateway re-checks the materials, the transferred resource may bereturned to the original account, that is, the lost account in thetransfer request, of the resource according to the returning request ofthe user. In a second case, when the transfer event according to theincorrect or false request is discovered by the user, the freezingperiod of the target account has been expired, the transferred resourcecannot be returned, then the user may sue the gateway to an arbitrationinstitution, and the arbitration institution requires the gateway toprovide the received user identity information and transfer request anduse the received user identity information and transfer request asevidence. If the evidence can prove that the gateway causes loss to theuser by mistake, the gateway takes responsibility and compensates theuser. It should be noted that the evidence provided by the gateway tothe arbitration institution cannot be tampered. If the evidence has beentampered by the gateway, the arbitration institution re-encrypts orre-signs the evidence and compares the evidence with the initial datarecorded on the block chain, leading to a comparison result“inconsistent”. In a third case, the gateway commits a fraud and forgesan authentic user identity and transfer request as false initial data.After the fraud is discovered by the user, the user may sue the gatewayto the arbitration institution. The gateway has to provide the falseinitial data forged by the gateway to the arbitration institution asevidence. Otherwise, after the evidence provided by the gateway isencrypted or signed, the evidence is inconsistent with the initial datarecorded on the block chain.

The foregoing method embodiment provides a method for transferring theresource in the lost account to the target account in the block chainwhen the account private key of the user is lost, and after the resourceis transferred, when a dispute or a fraud behavior occurs, completeevidence that cannot be tampered can be provided to retrieve theresource or identify responsibility, to ensure benefits of parties inthe block chain.

FIG. 5 is a flowchart of an optional method for processing accountinformation in a block chain according to an embodiment. As shown inFIG. 5, the method includes the following operations.

Operation S501: A user generates a target account from a certificatecenter and submits a transfer request and identity information to agateway. After losing a private key of an account, the user firstgenerates a new account through the certificate center and uses thenewly generated account as the target account. The certificate center isused for creating an account, and public keys and addresses of allaccounts and information about owners of the accounts are recorded inthe user center. The user sends a transfer request to the gatewayaccording to a lost account and the target account. The transfer requestis used for requesting the gateway to transfer a resource in the lostaccount to the target account. In addition, the user further needs toprovide the identity information to the gateway, to prove, through theidentity information, that the user is an owner of the lost account.

Operation S502: The gateway receives the transfer request and theidentity information that are submitted by the user and obtains ownerinformation of a lost account from the certificate center according tothe transfer request. The gateway has a right of obtaining recordedaccount information from the certificate center. The gateway obtainsidentity information of the owner of the lost account from thecertificate center according to the transfer request submitted by theuser, to verify the identity information submitted by the user. Forexample, the certificate center records an identity card number of theowner of the lost account or a scanning copy of an identity card copy,and then the user needs to provide corresponding materials that proveidentity, such as the identity card copy. Alternatively, the certificatecenter records voiceprint information of the owner of the lost account,and then the user needs to provide corresponding voiceprint materials.

Operation S503: The gateway compares the identity information submittedby the user and the owner information of the lost account. The gatewaycompares the identity information submitted by the user with informationabout the owner of the lost account that is obtained from thecertificate center, to determine whether the identity informationsubmitted by the user and the owner information of the lost account areconsistent, to verify whether the user is the owner of the lost account.

Operation S504: When the identity information submitted by the user andthe owner information of the lost account are consistent, the gatewayencrypts, by using a public key of a first account, the identityinformation and the transfer request that are submitted by the user, toobtain second data. To protect privacy of the user and prevent personaldata of the user from being leaked, the gateway first obtains the publickey of the first account from the certificate center and encrypts, byusing the public key of the first account, the identity information andthe transfer request that are submitted by the user, to obtain thesecond data.

Operation S505: The gateway signs information about the lost account,information about the target account, a resource list, and the seconddata by using a private key of the first account, to obtain first data,generates an authentication request according to the first data, andsubmits the authentication request to a block chain.

Operation S506: The block chain obtains the first data according to thereceived authentication request, and a plurality of devices of the blockchain verifies the first data by using the public key of the firstaccount and obtains initial data after verification succeeds. The blockchain obtains the first data from the authentication request submittedby the gateway, and the plurality of devices of the block chain verifiesthe first data by using the public key of the first account. Ifverification succeeds, the block chain may obtain the initial data fromthe first data. In the foregoing verification process, because checkingof the identity information and the transfer request is completed by thegateway, and the block chain trusts a checking result of the gateway,the block chain only needs to verify whether a signature provided by thegateway for the initial data is authentic and does not need to verifythe identity information and the transfer request of the user.

Operation S507: The block chain records a transfer event according tothe initial data, to transfer a resource in the lost account to thetarget account. A block may be newly added to the block chain, and isused for recording the transfer event, to complete transferring theresource in the lost account to the target account.

Operation S508: The block chain sets a freezing period for the targetaccount. To avoid loss to the lost account caused by incorrectlytransferring the resource in the lost account to the target account,after recording the transfer event according to the authenticationrequest submitted by the gateway, the block chain sets a freezing periodfor the target account, and within the freezing period, the resource inthe target account cannot be transferred. If within the freezing periodset by the block chain for the target account, the owner of the lostaccount raises an objection, for example, the owner of the lost accountactually does not initiate the transfer request, or an error occurs in aprocess of transferring the resource in the lost account, or the ownerof the lost account believes that the gateway or another person commitsa fraud, the block chain may return the resource transferred by the lostaccount to the target account to the lost account, to protect equity ofthe owner of the lost account. Specifically, a process of returning theresource in the target account to the lost account is the same as aprocess of transferring the resource in the lost account to the targetaccount. The owner of the lost account provides the identity informationand a resource returning request to the gateway. The gateway verifiesthe identity information and the resource returning request, and submitsthe authentication request to the block chain according to the identityinformation and the resource returning request of the user after theverification succeeds. The block chain records the transfer eventaccording to the authentication request, to return the resource in thetarget account to the lost account.

Operation S509: When a dispute occurs, the gateway extracts the initialdata from the block chain and obtains, from the initial data, the seconddata encrypted by the public key of the first account, and decrypts thesecond data by using the private key of the first account, to obtaindecrypted data. The decrypted data may be used as evidence for verdictof the dispute, to adjudicate the dispute that occurs.

Operation S510: The gateway re-encrypts the decrypted data by using thepublic key of the first account, to prove that the decrypted data is nottampered. To prove that the evidence used for verdict of the dispute isauthentic and is not tampered, the gateway may re-encrypt, by using thepublic key of the first account, the identity information and thetransfer request of the user that are used as evidence, and compare theencrypted data with the second data obtained from the block chain. If itis determined through comparison that the encrypted data and the seconddata obtained from the block chain are inconsistent, it proves that theuser information and the transfer request that are used as evidence aretampered and are not authentic. Optionally, the gateway may furtherobtain, from a database, backup files of original texts of the identityinformation and the transfer request that are submitted by the user, andthe backup files may also be re-encrypted by the gateway by using thepublic key of the first account and compared with the second data in theblock chain, to prove authenticity of the backup files.

It should be noted that for simple descriptions, the foregoing methodembodiments are stated as a series of action combinations. However, aperson skilled in the art should know that the disclosure is not limitedto the sequence of the described actions because according to thedisclosure, some operations may use another sequence or may besimultaneously performed. In addition, a person skilled in the artshould also know that all the embodiments described in thisspecification are exemplary embodiments, and the related actions andmodules may not necessarily be required in the disclosure.

Based on the foregoing descriptions of the embodiments, a person skilledin the art may clearly understand that the method in the foregoingembodiments may be implemented by software in addition to a necessaryuniversal hardware platform or by hardware only. However, the former maybe a preferable form of implementation of the disclosure. Based on suchan understanding, the technical solutions essentially or the partcontributing to the prior art may be implemented in a form of a softwareproduct. The computer software product is stored in a storage medium(such as a ROM/RAM, a magnetic disk, or an optical disc) and includesseveral instructions for instructing a terminal device (which may be amobile phone, a computer, a server, a network device, or the like) toperform the methods described in the embodiments.

According to an embodiment, an apparatus for processing accountinformation in a block chain and for performing the foregoing method forprocessing account information in a block chain is further provided. Theprocessing apparatus according to an embodiment may be disposed in acomputer device. FIG. 6 is a schematic diagram of an optional apparatusfor processing account information in a block chain according to anembodiment. As shown in FIG. 6, the apparatus for processing accountinformation in a block chain may include: a first receiving unit 610, anobtaining unit 620, a first comparison unit 630, and a first submissionunit 640.

The first receiving unit 610 is configured to receive a transfer requestand identity information that are sent by a user, the transfer requestbeing used for requesting to transfer a resource in a lost account to atarget account, and the target account being generated by a certificatecenter. The obtaining unit 620 is configured to obtain owner informationof the lost account from the certificate center according to thetransfer request. The first comparison unit 630 is configured to comparethe identity information and the owner information. The first submissionunit 640 is configured to submit an authentication request to a blockchain when determining through comparison that the identity informationand the owner information are consistent, so that the block chainrecords a transfer event in the block chain according to theauthentication request, the transfer event being used for instructing totransfer the resource in the lost account to the target account.

It should be noted that the first receiving unit 610 in this embodimentmay be configured to perform operation S302 in the foregoing embodiment;the obtaining unit 620 in this embodiment may be configured to performoperation S304 in the foregoing embodiment; the first comparison unit630 in this embodiment may be configured to perform operation S306 inthe foregoing embodiment; the first submission unit 640 in thisembodiment may be configured to perform operation S308 in the foregoingembodiment.

It should be noted herein that examples and application scenariosimplemented by the foregoing units and corresponding operations are thesame but are not limited to the content disclosed in the foregoingembodiments. It should be noted that the foregoing units may be run inthe hardware environment shown in FIG. 2 as a part of the apparatus forprocessing account information in a block chain, and may be implementedthrough software, or may be implemented through hardware.

Through the foregoing units, a technical problem of account insecuritycaused by loss of a private key of an account in a block chain can besolved, to achieve the technical effect of improving account security.

Optionally, the first submission unit includes: a signature module,configured to sign initial data by using a private key of a firstaccount, to obtain first data, the initial data including informationabout the lost account, information about the target account, theidentity information, the transfer request, and a resource list, and theresource list being a list of all resources to be transferred in thelost account; a generation module, configured to generate theauthentication request according to the first data; and a submissionmodule, configured to submit the authentication request carrying theinitial data to the block chain.

Optionally, the signature module includes: an encryption sub-module,configured to encrypt the identity information and the transfer requestby using a public key of the first account, to obtain second data; and afirst signature sub-module, configured to sign the information about thelost account, the information about the target account, the resourcelist, and the second data by using the private key of the first account,to obtain the first data.

The disclosure further provides an optional embodiment of an apparatusfor processing account information in a block chain. In the optionalembodiment, the signature module includes: a second signaturesub-module, configured to sign the identity information and the transferrequest by using the private key of the first account, to obtain thirddata; and a third signature sub-module, configured to sign theinformation about the lost account, the information about the targetaccount, the resource list, and the third data by using the private keyof the first account, to obtain the first data.

Optionally, the first submission unit includes: an obtaining module,configured to obtain the first data through the block chain; averification module, configured to verify the first data through theblock chain; and a recording module, configured to record the transferevent through the block chain according to the initial data after theverification succeeds.

Optionally, the verification module includes: an obtaining sub-module,configured to obtain the public key of the first account from thecertificate center or an initial block of the block chain through aplurality of devices of the block chain; and a verification sub-module,configured to verify the first data by using the public key of the firstaccount through the plurality of devices of the block chain.

Optionally, the apparatus for processing account information in a blockchain may further include: a setting unit, configured to: after theauthentication request is submitted to the block chain, so that theblock chain records the transfer event in the block chain according tothe authentication request, set a freezing period for the target accountthrough the block chain, the resource in the target account not beingallowed to be transferred within the freezing period.

Optionally, the apparatus for processing account information in a blockchain may further include: a first extraction unit, configured to: afterthe authentication request is submitted to the block chain, so that theblock chain records the transfer event in the block chain according tothe authentication request, extract the initial data from the blockchain, the initial data including the second data obtained by encryptingthe identity information and the transfer request by using the publickey of the first account; a first decryption unit, configured to decryptthe second data by using the private key of the first account, to obtainfirst decrypted data; a second comparison unit, configured to comparethe first decrypted data and locally stored data to determine whetherthe first decrypted data and the locally stored data are consistent; anda first determining unit, configured to: when it is determined that thefirst decrypted data and the locally stored data are inconsistentthrough comparison, determine that the locally stored data has beentampered.

Optionally, the apparatus further includes: a second extraction unit,configured to: after the authentication request is submitted to theblock chain, so that the block chain records the transfer event in theblock chain according to the authentication request, extract the initialdata from the block chain, the initial data including the third dataobtained by signing the identity information and the transfer request byusing the private key of the first account; a second decryption unit,configured to decrypt the third data by using the public key of thefirst account, to obtain second decrypted data; a first conversion unit,configured to hash locally stored data, to obtain hashed data; a thirdcomparison unit, configured to compare the second decrypted data and thehashed data to determine whether the second decrypted data and thehashed data are consistent; and a second determining unit, configured todetermine that the locally stored data has been tampered if it isdetermined through comparison that the second decrypted data and thehashed data are inconsistent.

Optionally, the apparatus for processing account information in a blockchain may further include: a third extraction unit, configured toextract the initial data from the block chain according to a checkinstruction sent by the user, the initial data including the second dataobtained by encrypting the identity information and the transfer requestby using the public key of the first account, and the check instructionbeing used for instructing to check the second data; an encryption unit,configured to encrypt, by using the public key of the first account, thetransfer request and the identity information that are sent by the user,to obtain fourth data; and a fourth comparison unit, configured to:compare the second data and the fourth data to determine whether thesecond data and the fourth data are consistent, to obtain a comparisonresult, determine, if the comparison result is yes (that is, the seconddata and the fourth data are consistent), that the transfer request andthe identity information that are sent by the user have not beentampered, and determine, if the comparison result is no (that is, thesecond data and the fourth data are not consistent), that the transferrequest and the identity information that are sent by the user have beentampered.

Optionally, the apparatus for processing account information in a blockchain may further include: a fourth extraction unit, configured to:after the authentication request is submitted to the block chain, sothat the block chain records the transfer event in the block chainaccording to the authentication request, extract the initial data fromthe block chain according to a check instruction sent by the user, theinitial data including the third data obtained by signing the identityinformation and the transfer request by using the private key of thefirst account, and the check instruction being used for instructing tocheck the third data; a second conversion unit, configured to hash thetransfer request and the identity information that are sent by the user,to obtain fifth data; a third decryption unit, configured to decrypt thethird data by using the public key of the first account, to obtain thirddecrypted data; and a fifth comparison unit, configured to: compare thefifth data and the third decrypted data to determine whether the fifthdata and the third decrypted data are consistent, to obtain a comparisonresult, determine, if the comparison result is yes, that the transferrequest and the identity information that are sent by the user have notbeen tampered, and determine, if the comparison result is no, that thetransfer request and the identity information that are sent by the userhave been tampered.

It should be noted herein that examples and application scenariosimplemented by the foregoing modules and corresponding operations arethe same but are not limited to the content disclosed in the foregoingembodiments. It should be noted that the foregoing modules may be run inthe hardware environment shown in FIG. 2 as a part of the apparatus forprocessing account information in a block chain, and may be implementedthrough software, or may be implemented through hardware. The hardwareenvironment includes a network environment.

According to an embodiment, a storage medium is further provided. Thestorage medium stores a computer program. The computer program isconfigured to perform the foregoing method when being run by a computerdevice (or at least one processor).

According to an embodiment, an electronic apparatus is further provided.The electronic apparatus includes a memory and a processor. The memorystores a computer program. The processor is configured to perform theforegoing method through the computer program.

According to an embodiment, a server for performing the method forprocessing account information in a block chain is further provided. Theserver may serve as the foregoing electronic apparatus.

FIG. 7 is a structural block diagram of a server according to anembodiment. As shown in FIG. 7, the server may include: one or more(although only one processor is shown in the figure, this is notlimiting) processor 701, a memory 703, and a transmission apparatus 705(such as the sending apparatus in the foregoing embodiments). As shownin FIG. 7, the terminal may further include an input/output device 707.

The memory 703 may be configured to store a software program and amodule such as a program instruction/module corresponding to the methodand apparatus for processing account information in a block chain in theexemplary embodiments, and the processor 701 runs the software programand the module stored in the memory 703, to execute various functionapplications and data processing, that is, implement the foregoingmethod for processing account information in a block chain. The memory703 may include a high-speed random memory, and may also include anonvolatile memory such as one or more magnetic storage apparatuses, aflash memory, or another nonvolatile solid-state memory. In someembodiments, the memory 703 may further include memories remotelydisposed relative to the processor 701, and these remote memories may beconnected to the terminal through a network. Examples of the networkinclude, but are not limited to, the Internet, an intranet, a local areanetwork, a mobile communications network, and a combination thereof.

The transmission apparatus 705 is configured to receive or send data viaa network and may further be configured to transmit data of theprocessor and the memory. Specific examples of the foregoing network mayinclude a wired network and a wireless network. In an embodiment, thetransmission apparatus 705 includes a network interface controller (NIC)that may be connected to another network device and a router by using anetwork cable, thereby communicating with the Internet or a local areanetwork. In an embodiment, the transmission apparatus 705 is a radiofrequency (RF) module that is configured to communicate with theInternet in a wireless manner.

Specifically, the memory 703 is configured to store an applicationprogram.

The processor 701 may invoke, by using the transmission apparatus 705,the application program stored in the memory 703, so as to performoperations described below.

The processor 701 is configured to perform the following operations:receiving a transfer request and identity information that are sent by auser, the transfer request being used for requesting to transfer aresource in a lost account to a target account, and the target accountbeing generated by a certificate center; obtaining owner information ofthe lost account from the certificate center according to the transferrequest; comparing the identity information and the owner information;and submitting an authentication request to a block chain whendetermining through comparison that the identity information and theowner information are consistent, so that the block chain records atransfer event in the block chain according to the authenticationrequest, the transfer event being used for instructing to transfer theresource in the lost account to the target account.

Optionally, the processor 701 may further be configured to perform othermethod operations in the foregoing embodiments.

According to the embodiments, a solution for processing accountinformation in a block chain is provided. The identity informationprovided by the user and the owner information of the lost account arecompared to determine whether the identity information provided by theuser and the owner information of the lost account are consistent, andwhen it is determined through comparison that the identity informationprovided by the user and the owner information of the lost account areconsistent, the authentication request is submitted to the block chain,to transfer the resource in the lost account to the target account inthe block chain, to achieve the technical effect that a signature of aprivate key of the lost account does not need to be verified when theresource in the lost account is transferred to the target account,thereby solving a technical problem of account insecurity caused by lossof the private key of the account in the block chain.

Optionally, refer to the examples described in the foregoing embodimentsfor specific examples in this embodiment. Repetitive details are notdescribed in this embodiment.

Persons of ordinary skill in the art may understand that, the structureshown in FIG. 7 is only schematic. Alternatively, the terminal may be aterminal device such as a smartphone (such as an Android mobile phone oran iOS mobile phone), a tablet computer, a palmtop computer, a mobileInternet device (MID), or a PAD. FIG. 7 does not limit the structure ofthe foregoing electronic apparatus. For example, the terminal mayfurther include more or less components (such as a network interface anda display apparatus) than those shown in FIG. 7, or has a configurationdifferent from that shown in FIG. 7.

Persons of ordinary skill in the art may understand that all or some ofthe operations of the methods of the foregoing embodiments may beimplemented by a program instructing relevant hardware of the terminaldevice. The program may be stored in a computer readable storage medium.The storage medium may be a flash disk, a read-only memory (ROM), arandom access memory (RAM), a magnetic disk, or an optical disc.

An embodiment further provides a storage medium. Optionally, in thisembodiment, the storage medium may be configured to store program codefor performing the method for processing account information in a blockchain.

Optionally, in this embodiment, the storage medium may be located in atleast one of a plurality network devices in the network shown in theforegoing embodiments.

Optionally, in this embodiment, the storage medium is configured tostore program code used for performing the following operations:

S1: Receive a transfer request and identity information that are sent bya user, the transfer request being used for requesting to transfer aresource in a lost account to a target account, and the target accountbeing generated by a certificate center.

S2: Obtain owner information of the lost account from the certificatecenter according to the transfer request.

S3: Compare the identity information and the owner information.

S4: Submit an authentication request to a block chain when it isdetermined through comparison that the identity information and theowner information are consistent, so that the block chain records atransfer event in the block chain according to the authenticationrequest, the transfer event being used for instructing to transfer theresource in the lost account to the target account.

Optionally, the storage medium in this embodiment may be configured tostore a program instruction for performing operations of the processingmethod in the foregoing embodiments. For specific example of thisembodiment, refer to the examples described in the foregoing methodembodiments. Details are not provided herein again in this embodiment.

Optionally, in this embodiment, the storage medium may include, but isnot limited to: any medium that can store program code, such as a USBflash drive, a read only memory (ROM), a random access memory (RAM), aremovable hard disk, a magnetic disk, or an optical disc.

If the integrated units in the foregoing embodiments are implemented ina form of software functional units and are sold or used as anindependent product, the units may be stored in a computer readablestorage medium. Based on such understanding, the technical solutionsessentially, or some contributing to the related art technology, or allor some of the technical solutions may be implemented in a form of asoftware product. The computer software product is stored in a storagemedium and includes several instructions for instructing one or morecomputer devices (which may be a personal computer, a server, a networkdevice, or the like) to perform all or some of operations of the methodsin the embodiments.

In the foregoing embodiments, descriptions of the embodiments havedifferent emphases, and as for parts that are not described in detail inone embodiment, reference can be made to the relevant descriptions ofthe other embodiments.

In the several embodiments provided in the disclosure, it should beunderstood that the disclosed client may be implemented in othermanners. The described apparatus embodiments are merely schematic. Forexample, division of the units is merely division of logic functions,and there may be another division manner during actual implementation.For example, multiple units or components may be combined or may beintegrated into another system, or some features may be omitted or notbe executed. In addition, the displayed or discussed mutual coupling, ordirect coupling, or communication connections may be implemented throughsome interfaces. Indirect coupling or communication connections betweenthe units or modules may be implemented in electronic or other forms.

The units described as separate parts may or may not be physicallyseparate, and the parts displayed as units may or may not be physicalunits, may be located in one position, or may be distributed on aplurality of network units. Some of or all of the units may be selectedaccording to actual needs to achieve the objectives of the solutions ofthe embodiments.

In addition, functional units in the embodiments may be integrated intoone processing unit, or each of the units may exist alone physically, ortwo or more units may be integrated into one unit. The integrated unitsmay be implemented in a form of hardware or may be implemented in a formof a software functional unit.

At least one of the components, elements, modules or units describedherein may be embodied as various numbers of hardware, software and/orfirmware structures that execute respective functions described above,according to an exemplary embodiment. For example, at least one of thesecomponents, elements or units may use a direct circuit structure, suchas a memory, a processor, a logic circuit, a look-up table, etc. thatmay execute the respective functions through controls of one or moremicroprocessors or other control apparatuses. Also, at least one ofthese components, elements or units may be specifically embodied by amodule, a program, or a part of code, which contains one or moreexecutable instructions for performing specified logic functions, andexecuted by one or more microprocessors or other control apparatuses.Also, at least one of these components, elements or units may furtherinclude or implemented by a processor such as a central processing unit(CPU) that performs the respective functions, a microprocessor, or thelike. Two or more of these components, elements or units may be combinedinto one single component, element or unit which performs all operationsor functions of the combined two or more components, elements of units.Also, at least part of functions of at least one of these components,elements or units may be performed by another of these components,element or units. Further, although a bus is not illustrated in some ofblock diagrams, communication between the components, elements or unitsmay be performed through the bus. Functional aspects of the aboveexemplary embodiments may be implemented in algorithms that execute onone or more processors. Furthermore, the components, elements or unitsrepresented by a block or processing operations may employ any number ofrelated art techniques for electronics configuration, signal processingand/or control, data processing and the like.

The above descriptions are merely optional implementations, and itshould be noted that a person of ordinary skill in the art can makevarious improvements and refinements without departing from the spirit.All such modifications and refinements should also be intended to becovered by this application.

What is claimed is:
 1. A method for processing account information in ablock chain, the method being performed by a computer device, andcomprising: receiving, by the computer device, identity information anda transfer request, the transfer request requesting to transfer aresource in an account to a target account, the target account beinggenerated by a certificate center; obtaining, by the computer device,owner information of the account from the certificate center accordingto the transfer request; in response to determining that the identityinformation and the owner information are consistent, obtaining, by thecomputer device, first data by using a private key of a first account,the first account being a super account in the block chain; andgenerating, by the computer device, an authentication request based onthe first data and transmitting the authentication request requestingthe block chain to transfer the resource in the account to the targetaccount.
 2. The method according to claim 1, wherein the obtaining thefirst data comprises: signing initial data by using the private key of afirst account, to obtain the first data, the initial data comprisinginformation about the account, information about the target account, theidentity information, the transfer request, and a resource list that isa list of resources in the account to be transferred.
 3. The methodaccording to claim 2, wherein the signing comprises: encrypting theidentity information and the transfer request by using a public key ofthe first account, to obtain second data; and signing the informationabout the account, the information about the target account, theresource list, and the second data by using the private key of the firstaccount, to obtain the first data.
 4. The method according to claim 2,wherein the signing comprises: signing the identity information and thetransfer request by using the private key of the first account, toobtain third data; and signing the information about the account, theinformation about the target account, the resource list, and the thirddata by using the private key of the first account, to obtain the firstdata.
 5. The method according to claim 2, wherein the resource in theaccount is transferred to the target account based on verification ofthe first data.
 6. The method according to claim 5, wherein theverification of the first data is based on a public key of the firstaccount.
 7. The method according to claim 1, further comprising: withrespect to the resource in the account that has been transferred to thetarget account, not transmitting the authentication request to the blockchain within a freezing period for the target account, the resource inthe target account not being allowed to be transferred within thefreezing period.
 8. The method according to claim 3, further comprising:extracting, by the computer device, the initial data from the blockchain, the initial data comprising the second data obtained byencrypting the identity information and the transfer request by usingthe public key of the first account; decrypting, by the computer device,the second data by using the private key of the first account, to obtainfirst decrypted data; comparing, by the computer device, the firstdecrypted data and locally stored data to determine whether the firstdecrypted data and the locally stored data are consistent; and inresponse to determining that the first decrypted data and the locallystored data are inconsistent, determining, by the computer device, thatthe locally stored data has been tampered.
 9. The method according toclaim 4, further comprising: extracting, by the computer device, theinitial data from the block chain, the initial data comprising the thirddata obtained by signing the identity information and the transferrequest by using the private key of the first account; decrypting, bythe computer device, the third data by using a public key of the firstaccount, to obtain second decrypted data; hashing, by the computerdevice, locally stored data, to obtain hashed data; comparing, by thecomputer device, the second decrypted data and the hashed data todetermine whether the second decrypted data and the hashed data areconsistent; and determining, by the computer device, that the locallystored data has been tampered in response to determining that the seconddecrypted data and the hashed data are inconsistent.
 10. The methodaccording to claim 3, further comprising: extracting, by the computerdevice, the initial data from the block chain according to a checkinstruction, the initial data comprising the second data obtained byencrypting the identity information and the transfer request by usingthe public key of the first account, and the check instruction beingused for instructing to check the second data; encrypting, by thecomputer device by using the public key of the first account, thetransfer request and the identity information, to obtain fourth data;and comparing, by the computer device, the second data and the fourthdata to determine whether the second data and the fourth data areconsistent, determining that the transfer request and the identityinformation have not been tampered in response to determining that thesecond data and the fourth data are consistent, and determining that thetransfer request and the identity information have been tampered inresponse to determining that the second data and the fourth data are notconsistent.
 11. The method according to claim 4, further comprising:extracting, by the computer device, the initial data from the blockchain according to a check instruction, the initial data comprising thethird data obtained by signing the identity information and the transferrequest by using the private key of the first account, and the checkinstruction being used for instructing to check the third data; hashing,by the computer device, the transfer request and the identityinformation, to obtain fifth data; decrypting, by the computer device,the third data by using a public key of the first account, to obtainthird decrypted data; and comparing, by the computer device, the fifthdata and the third decrypted data to determine whether the fifth dataand the third decrypted data are consistent, to obtain a comparisonresult, determining, if the comparison result is yes, that the transferrequest and the identity information have not been tampered, anddetermining, if the comparison result is no, that the transfer requestand the identity information have been tampered.
 12. An apparatus forprocessing account information in a block chain, the apparatuscomprising: at least one memory operable to store program code; and atleast one processor operable to read the program code and operate asinstructed by the program code, the program code comprising: firstreceiving code configured to cause the at least one processor to receiveidentity information and a transfer request requesting to transfer aresource in an account to a target account, the target account beinggenerated by a certificate center; obtaining code configured to causethe at least one processor to obtain owner information of the accountfrom the certificate center according to the transfer request; and firsttransmission code configured to cause the at least one processor to, inresponse to determining that the identity information and the ownerinformation are consistent: obtain, by using a private key of a firstaccount, first data, the first account being a super account in theblock chain; and generate an authentication request based on the firstdata, and transmit the authentication request to the block chain, theauthentication request requesting the block chain to transfer theresource in the account to the target account.
 13. The apparatusaccording to claim 12, wherein the first transmission code comprises:signature code configured to cause the at least one processor to signinitial data by using a private key of a first account, to obtain firstdata, the initial data comprising information about the account,information about the target account, the identity information, thetransfer request, and a resource list that is a list of resources in theaccount to be transferred; generation code configured to cause the atleast one processor to generate the authentication request according tothe first data; and second transmission code configured to cause the atleast one processor to transmit the authentication request comprisingthe initial data to the block chain.
 14. The apparatus according toclaim 13, wherein the signature code comprises: encryption codeconfigured to cause the at least one processor to encrypt the identityinformation and the transfer request by using a public key of the firstaccount, to obtain second data; and first signature code configured tocause the at least one processor to sign the information about theaccount, the information about the target account, the resource list,and the second data by using the private key of the first account, toobtain the first data.
 15. The apparatus according to claim 13, whereinthe signature code comprises: second signature code configured to causethe at least one processor to sign the identity information and thetransfer request by using the private key of the first account, toobtain third data; and third signature code configured to cause the atleast one processor to sign the information about the account, theinformation about the target account, the resource list, and the thirddata by using the private key of the first account, to obtain the firstdata.
 16. The apparatus according to claim 13, wherein the resource inthe account is transferred to the target account based on verificationof the first data.
 17. The apparatus according to claim 16, wherein theverification of the first data is based on a public key of the firstaccount.
 18. The apparatus according to claim 12, wherein the firsttransmission code causes the at least one processor to, with respect tothe resource in the account that has been transferred to the targetaccount, not transmit the authentication request to the block chainwithin a freezing period for the target account, the resource in thetarget account not being allowed to be transferred within the freezingperiod.
 19. The apparatus according to claim 14, wherein the programcode further comprises: first extraction code configured to cause the atleast one processor to extract the initial data from the block chain,the initial data comprising the second data obtained by encrypting theidentity information and the transfer request by using the public key ofthe first account; first decryption code configured to cause the atleast one processor to decrypt the second data by using the private keyof the first account, to obtain first decrypted data; comparison codeconfigured to cause the at least one processor to compare the firstdecrypted data and locally stored data to determine whether the firstdecrypted data and the locally stored data are consistent; and firstdetermining code configured to cause the at least one processor to, inresponse to determining that the first decrypted data and the locallystored data are inconsistent based on a result of comparison, determinethat the locally stored data has been tampered.
 20. A non-transitorycomputer readable storage medium, storing a computer program executableby at least one processor to cause the at least one processor toperform: receiving identity information and a transfer request, thetransfer request requesting to transfer a resource in an account to atarget account, the target account being generated by a certificatecenter; obtaining owner information of the account from the certificatecenter according to the transfer request; in response to determiningthat the identity information and the owner information are consistent,obtaining first data by using a private key of a first account, thefirst account being a super account in the block chain; and generatingan authentication request based on the first data and transmitting theauthentication request requesting the block chain to transfer theresource in the account to the target account.